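def stop(self):
    """Stop the OpenVPN server whose PID is recorded in ``self.PID_FILE``.

    Read the PID from the first line of the PID file, pass it to
    ``/bin/kill -9`` run as root, then remove the PID file as root.
    Return silently when the PID file cannot be opened, which is treated
    as "not started".

    The PID is only handed to kill when it is a plain positive decimal
    number. Anything else (empty file, text, 0, a negative number) is
    reported through ``self.info`` and skipped; the stale PID file is
    still removed.
    """
    try:
        with open(self.PID_FILE) as f:
            pid = f.readline().strip()
    except IOError:
        # It is not started
        return

    # The value ends up on the command line of a process run as root, and
    # kill gives 0 and negative values a special meaning (process groups,
    # all processes). Accept ASCII digits only and reject zero.
    if pid and all(char in '0123456789' for char in pid) and int(pid) > 0:
        # NOTE(review): nothing here checks that the PID still belongs to
        # OpenVPN; a stale file may name a recycled PID. Confirm who can
        # write PID_FILE.
        runCommandAsRoot(self, ['/bin/kill', '-9', pid])
    else:
        self.info('Ignoring invalid PID %r read from %s.'
                  % (pid, self.PID_FILE))
    runCommandAsRoot(self, ['/bin/rm', self.PID_FILE])
    self.info('OpenVPN server stopped.')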
def sysctlSet(logger, key, value):
    """
    Set the kernel parameter *key* to *value* by running the SYSCTL
    command as root with the options -n -q -w.

    Raise a RulesetError if the command exits with a non-zero code.
    """
    assignment = u"%s=%s" % (key, value)
    # key and value travel together as a single list element.
    # NOTE(review): confirm runCommandAsRoot executes the list directly
    # rather than joining it into a shell string.
    _process, exit_code = runCommandAsRoot(
        logger, [SYSCTL, u"-n", u"-q", u"-w", assignment])
    if exit_code == 0:
        return
    raise RulesetError(
        tr("sysctl error: unable to set %s value to %s! (exit code %s)"),
        key, value, exit_code)
def iptablesSave(logger, ipv6):
    """
    Dump the current IPv4 rules (IPv6 rules if *ipv6* is true) into a file
    under RULESET_DIR and return the path of that file.

    Raise an IptablesError if the save command exits with a non-zero code
    or if the resulting file is empty.
    """
    basename, family = (
        ('old_rules_ipv6', "IPv6") if ipv6 else ('old_rules_ipv4', "IPv4"))
    filename = path_join(RULESET_DIR, basename)
    logger.warning("Save %s iptables rules to %s" % (family, filename))

    command_str = IP6TABLES_SAVE if ipv6 else IPTABLES_SAVE
    # The file is opened by this process and handed to the command as its
    # standard output.
    # NOTE(review): it is created at a fixed path with default permissions;
    # confirm RULESET_DIR is only writable by trusted accounts.
    with open(filename, 'w') as dump:
        _process, exit_code = runCommandAsRoot(
            logger, (command_str,), timeout=22.5, stdout=dump)
    if exit_code != 0:
        raise IptablesError(
            tr("%s command exited with code %s!"), command_str, exit_code)
    # An empty dump is treated as a failure of the save command.
    if not getsize(filename):
        raise IptablesError(
            tr("%s command output is empty!"), command_str)
    return filename
def loadKernelModules(logger, ipv6):
    """
    Load the kernel module required by iptables-save (ip6tables-save if
    *ipv6* is true).

    Nothing is loaded when the matching /proc/net/*_tables_names file
    already exists. A failure of the module loading is not reported.
    """
    if ipv6:
        module_name = 'ip6table_filter'
        proc_filename = '/proc/net/ip6_tables_names'
    else:
        module_name = 'iptable_filter'
        proc_filename = '/proc/net/ip_tables_names'

    if exists(proc_filename):
        logger.info("Don't load kernel module %s: %s is present"
                    % (module_name, proc_filename))
        return
    # The result of modprobe is deliberately discarded (exit code ignored).
    runCommandAsRoot(logger, [MODPROBE, module_name], 15.0)
def start(self):
    """(Re)start the OpenVPN server.

    Call ``self.stop()`` and ``self.writeConfig()``, then run
    /usr/sbin/openvpn as root with --cd, --config and --writepid.
    Raise an OpenVPNError if the command exits with a non-zero code.
    """
    self.stop()
    self.writeConfig()

    # NOTE(review): OpenVPN changes directory (--cd) before it uses the
    # other paths, while stop() opens PID_FILE from this process's working
    # directory; confirm PID_FILE is an absolute path.
    openvpn_command = [
        '/usr/sbin/openvpn',
        '--cd', self.root_path,
        '--config', self.CONFIG_FILE,
        '--writepid', self.PID_FILE,
    ]
    _process, exit_code = runCommandAsRoot(self, openvpn_command)
    if exit_code == 0:
        self.info('OpenVPN server started.')
        return
    raise OpenVPNError('Unable to startup OpenVPN!')
def iptablesRestore(logger, filename, ipv6, check_error=True):
    """
    Load the iptables rules stored in *filename* by running the IPv4
    restore command (the IPv6 one if *ipv6* is true) as root, with the file
    as standard input.

    Return None on success. On failure, searchErrorLine() is used on the
    command's stderr to get a message and a line number; when that line is
    found in *filename*, it is quoted in the report. With *check_error*
    true the failure raises an IptablesError, otherwise it is only logged
    as warnings.
    """
    banner = ("Load IPv6 iptables rules from %s" if ipv6
              else "Load IPv4 iptables rules from %s")
    logger.warning(banner % filename)
    command = IP6TABLES_RESTORE if ipv6 else IPTABLES_RESTORE

    process, code = runCommandAsRoot(
        logger, [command], 90.0, stdin_filename=filename, stderr=PIPE)
    if code == 0:
        return

    # The restore failed: look up the rule named by the error output.
    message, line_number = searchErrorLine(process.stderr)
    iptables = None
    if line_number is not None:
        with open(filename) as rules:
            # Line numbers are compared 1-based.
            for current_number, line in enumerate(rules, 1):
                if current_number == line_number:
                    iptables = line.rstrip()
                    break

    if iptables:
        # repr() keeps the quoted rule on one line with special characters
        # escaped.
        if check_error:
            raise IptablesError(
                tr("%s command error on iptables rule (line %s):\n%s"),
                command, line_number, repr(iptables))
        logger.warning("%s command error on iptables rule (line %s):"
                       % (command, line_number))
        logger.warning(repr(iptables))
        return

    # No rule could be identified: report the exit code and the message.
    if check_error:
        raise IptablesError(
            tr("%s command exited with code %s: %s"),
            command, code, message)
    logger.warning("%s command exited with code %s: %s"
                   % (command, code, message))